unofficial mirror of emacs-devel@gnu.org 
* flag to use tor
@ 2020-11-17  5:13 Richard Stallman
  2020-11-17  5:30 ` Jean Louis
                   ` (3 more replies)
  0 siblings, 4 replies; 10+ messages in thread
From: Richard Stallman @ 2020-11-17  5:13 UTC (permalink / raw)
  To: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

Many Emacs commands connect to internet sites for various reasons.
vc does so, M-x irc does so, and I don't know how much else.

I want to connect through Tor all the time, but sometimes these
commands betray me.  I added a switch to VC to make it connect
through Tor always, but it would be good to have a facility that
would do this to all internet connections that Emacs packages make.

Some packages connect directly in Lisp, and some connect by running
subprocesses.  For the subprocesses, using 'torsocks' is an easy fix.
The hard part is to change all the packages that need fixing.

A super-simple approach is to have a switch with two settings: Tor, or
not Tor.  A more complex feature would give a systematic way to
specify exceptions.

What do people think?


-- 
Dr Richard Stallman
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)






* Re: flag to use tor
  2020-11-17  5:13 flag to use tor Richard Stallman
@ 2020-11-17  5:30 ` Jean Louis
  2020-11-17  6:31 ` Max Zettlmeißl
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 10+ messages in thread
From: Jean Louis @ 2020-11-17  5:30 UTC (permalink / raw)
  To: Richard Stallman; +Cc: emacs-devel

* Richard Stallman <rms@gnu.org> [2020-11-17 08:14]:
> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> 
> Many Emacs commands connect to internet sites for various reasons.
> vc does so, M-x irc does so, and I don't know how much else.
> 
> I want to connect through Tor all the time, but sometimes these
> commands betray me.  I added a switch to VC to make it connect
> through Tor always, but it would be good to have a facility that
> would do this to all internet connections that Emacs packages make.

A good way to go is to launch Emacs using the `torify' command:

$ torify emacs

torify is now just a wrapper around torsocks(1) for backwards compatibility.
Usage: /usr/bin/torify [-hv] <command> [<options>...]

It then makes sure (but I am not sure how sure) that Internet access by
that command goes over Tor.

> A super-simple approach is to have a switch with two settings: Tor, or
> not Tor.  A more complex feature would give a systematic way to
> specify exceptions.

It would be good to have an option in Emacs that enables torsocks for any
Internet operation, something like torsocks-mode.




* Re: flag to use tor
  2020-11-17  5:13 flag to use tor Richard Stallman
  2020-11-17  5:30 ` Jean Louis
@ 2020-11-17  6:31 ` Max Zettlmeißl
  2020-11-17  7:59 ` Colin Baxter
  2020-11-17 12:43 ` Zhu Zihao
  3 siblings, 0 replies; 10+ messages in thread
From: Max Zettlmeißl @ 2020-11-17  6:31 UTC (permalink / raw)
  To: emacs-devel

On Tue, Nov 17, 2020 at 6:14 AM Richard Stallman <rms@gnu.org> wrote:
> I want to connect through Tor all the time, but sometimes these
> commands betray me.  I added a switch to VC to make it connect
> through Tor always, but it would be good to have a facility that
> would do this to all internet connections that Emacs packages make.
>
> Some packages connect directly in Lisp, and some connect by running
> subprocesses.  For the subprocesses, using 'torsocks' is an easy fix.
> The hard part is to change all the packages that need fixing.

I have been missing such a feature too.
The hardest part, when not routing every single connection through Tor
on a lower level, is to know whether all connections originating from
Emacs really are going through Tor, and I have always been hesitant to
fully trust the solutions which I came up with.
The solution which I trusted most was running Emacs in a separate
network namespace and routing all the namespace's connections through
Tor.

> A super-simple approach is to have a switch with two settings: Tor, or
> not Tor.  A more complex feature would give a systematic way to
> specify exceptions.

I guess a more fine-grained approach is required to really provide a
solution to everyone.
One example of a case where one might desire more fine-grained
control: When using tramp mode to edit files on a server, one might
not always be in a position where a connection from a Tor node is
allowed by the server.

I'm in favour of such a facility, but it should not provide a false
sense of security and therefore in my opinion either be implemented
properly or not at all.




* Re: flag to use tor
  2020-11-17  5:13 flag to use tor Richard Stallman
  2020-11-17  5:30 ` Jean Louis
  2020-11-17  6:31 ` Max Zettlmeißl
@ 2020-11-17  7:59 ` Colin Baxter
  2020-11-17  8:34   ` Colin Baxter
  2020-11-17 12:43 ` Zhu Zihao
  3 siblings, 1 reply; 10+ messages in thread
From: Colin Baxter @ 2020-11-17  7:59 UTC (permalink / raw)
  To: Richard Stallman; +Cc: emacs-devel

>>>>> Richard Stallman <rms@gnu.org> writes:

    > [[[ To any NSA and FBI agents reading my email: please consider    ]]]
    > [[[ whether defending the US Constitution against all enemies,     ]]]
    > [[[ foreign or domestic, requires you to follow Snowden's example. ]]]

    > Many Emacs commands connect to internet sites for various reasons.
    > vc does so, M-x irc does so, and I don't know how much else.

    > I want to connect through Tor all the time, but sometimes these
    > commands betray me.  I added a switch to VC to make it connect
    > through Tor always, but it would be good to have a facility that
    > would do this to all internet connections that Emacs packages
    > make.

    > Some packages connect directly in Lisp, and some connect by
    > running subprocesses.  For the subprocesses, using 'torsocks' is
    > an easy fix.  The hard part is to change all the packages that
    > need fixing.

    > A super-simple approach is to have a switch with two settings:
    > Tor, or not Tor.  A more complex feature would give a systematic
    > way to specify exceptions.

    > What do people think?

I run tor and then launch an xterm using proxychains using

proxychains /usr/bin/xterm <RET>.

I have

socks4 	127.0.0.1 9050

in my ~/.proxychains.conf. This ensures that proxychains uses tor. I then
launch emacs in the xterm as a gui or with '-nw'.


Best wishes,







* Re: flag to use tor
  2020-11-17  7:59 ` Colin Baxter
@ 2020-11-17  8:34   ` Colin Baxter
  0 siblings, 0 replies; 10+ messages in thread
From: Colin Baxter @ 2020-11-17  8:34 UTC (permalink / raw)
  To: Richard Stallman; +Cc: emacs-devel


Be careful if you want to use gnus in a tor'd emacs. Many email
servers will block access and so will freenode - see the quote below
from an email:

    > Hi, We do not ban normal Tor users from freenode. What we ban are
    > Tor *exit nodes* from connecting directly to freenode. A normal
    > Tor user can connect to freenode using our onion
    > address. Instructions are available at
    > https://freenode.net/kb/answer/chat#accessing-freenode-via-tor

Best wishes,

Colin Baxter
URL: http://www.Colin-Baxter.com
---------------------------------------------------------------------
GnuPG fingerprint: 68A8 799C 0230 16E7 BF68  2A27 BBFA 2492 91F5 41C8
---------------------------------------------------------------------




* Re: flag to use tor
  2020-11-17  5:13 flag to use tor Richard Stallman
                   ` (2 preceding siblings ...)
  2020-11-17  7:59 ` Colin Baxter
@ 2020-11-17 12:43 ` Zhu Zihao
  2020-11-21  5:04   ` Richard Stallman
  2020-11-22 16:01   ` Tomas Hlavaty
  3 siblings, 2 replies; 10+ messages in thread
From: Zhu Zihao @ 2020-11-17 12:43 UTC (permalink / raw)
  To: rms; +Cc: emacs-devel



What is torsocks? Is it this one?

https://github.com/dgoulet/torsocks

If so, according to its README, maybe you can use a shell wrapper to
launch emacs:

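#+BEGIN_SRC
#!/bin/bash
# bash, not sh: "exec -a" is not POSIX and fails under shells such as dash.
# LD_PRELOAD is inherited by Emacs and by every subprocess it starts.
export LD_PRELOAD=/path/to/libtorsocks.so
exec -a "$0" emacs "$@"
#+END_SRC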

Emacs and its subprocesses would inherit this environment variable and
allow torsocks to intercept network connections and force them into Tor.


Richard Stallman writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> Many Emacs commands connect to internet sites for various reasons.
> vc does so, M-x irc does so, and I don't know how much else.
>
> I want to connect through Tor all the time, but sometimes these
> commands betray me.  I added a switch to VC to make it connect
> through Tor always, but it would be good to have a facility that
> would do this to all internet connections that Emacs packages make.
>
> Some packages connect directly in Lisp, and some connect by running
> subprocesses.  For the subprocesses, using 'torsocks' is an easy fix.
> The hard part is to change all the packages that need fixing.
>
> A super-simple approach is to have a switch with two settings: Tor, or
> not Tor.  A more complex feature would give a systematic way to
> specify exceptions.
>
> What do people think?


-- 
Retrieve my PGP public key: https://meta.sr.ht/~citreu.pgp

Zihao


* Re: flag to use tor
  2020-11-17 12:43 ` Zhu Zihao
@ 2020-11-21  5:04   ` Richard Stallman
  2020-11-23  9:33     ` Robert Pluim
  2020-11-22 16:01   ` Tomas Hlavaty
  1 sibling, 1 reply; 10+ messages in thread
From: Richard Stallman @ 2020-11-21  5:04 UTC (permalink / raw)
  To: Zhu Zihao; +Cc: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > If so, according to its README, maybe you can use a shell wrapper to
  > launch emacs:

  > #+BEGIN_SRC
  > #!/bin/bash
  > export LD_PRELOAD=/path/to/libtorsocks.so
  > exec -a "$0" emacs "$@"
  > #+END_SRC

  > Emacs and its subprocesses would inherit this environment variable and
  > allow torsocks to intercept network connections and force them into Tor.

I tried a simpler version which simply runs Emacs (and GDB) under
torsocks.

At first it seemed to work.  It worked for network sockets.
But then I found operations that failed because they used local sockets.
It seems that torsocks causes even local sockets to try to go via tor.

As a result, commands like invoking the browser (to tell the
already-running browser instance to visit a certain URL) fail.

Is there a wizard that knows a way to affect only network communication?


-- 
Dr Richard Stallman
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)






* Re: flag to use tor
  2020-11-17 12:43 ` Zhu Zihao
  2020-11-21  5:04   ` Richard Stallman
@ 2020-11-22 16:01   ` Tomas Hlavaty
  1 sibling, 0 replies; 10+ messages in thread
From: Tomas Hlavaty @ 2020-11-22 16:01 UTC (permalink / raw)
  To: emacs-devel

On Tue 17 Nov 2020 at 20:43, Zhu Zihao <all_but_last@163.com> wrote:
> #!/bin/bash
> export LD_PRELOAD=/path/to/libtorsocks.so
> exec -a "$0" emacs "$@"
> [...]
> Emacs and its subprocesses would inherit this environment variable and
> allow torsocks to intercept network connections and force them into Tor.

What if something (e.g. a script) sets the LD_PRELOAD variable to
something different?  Would it defeat torsocks?  Do I need to inspect
all such subprocesses and ensure that they use the right LD_PRELOAD
value?
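
One way to check the question above on a running system, as an added example that is not part of any message in this thread: walk the process tree below Emacs and report every process that does not have libtorsocks mapped. It is Linux-specific (it reads /proc/PID/stat and /proc/PID/maps); `PROC_ROOT` and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not code from the thread. Reports every process below a PID
# that does not have libtorsocks mapped: a script that reset LD_PRELOAD, a
# static binary, a setuid program.
# A mapped library is necessary, not sufficient: code that issues raw system
# calls is not intercepted by any LD_PRELOAD hook.
# PROC_ROOT is this example's own knob (assumption), so the walk can be
# pointed at a constructed directory instead of the live /proc.
PROC_ROOT=${PROC_ROOT:-/proc}

# Direct children of PID $1. /proc/PID/stat is "pid (comm) state ppid ...";
# comm may contain spaces, so cut through the last ") " before splitting.
children_of() {
    for stat in "$PROC_ROOT"/[0-9]*/stat; do
        [ -r "$stat" ] || continue
        awk -v want="$1" '{ pid = $1; sub(/^.*\) /, "")
                            if ($2 == want) print pid }' "$stat" 2>/dev/null
    done
}

# Classify PID $1 from its memory map: "torsocks" (library loaded), "direct"
# (library absent) or "unknown" (maps unreadable or the process has exited).
tor_state() {
    if grep -q 'libtorsocks' "$PROC_ROOT/$1/maps" 2>/dev/null; then
        echo torsocks
    elif [ $? -eq 1 ]; then
        echo direct
    else
        echo unknown
    fi
}

# Breadth-first walk from PID $1. Prints "PID STATE" for each process that
# is not confirmed to have torsocks loaded; prints nothing if all are.
audit_tree() {
    queue=$1
    while [ -n "$queue" ]; do
        pid=${queue%% *}
        case $queue in *" "*) queue=${queue#* } ;; *) queue= ;; esac
        state=$(tor_state "$pid")
        [ "$state" = torsocks ] || echo "$pid $state"
        for child in $(children_of "$pid"); do
            queue="${queue:+$queue }$child"
        done
    done
}

# Usage: sh audit.sh <pid-of-emacs>
if [ $# -gt 0 ]; then audit_tree "$1"; fi
```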




* Re: flag to use tor
  2020-11-21  5:04   ` Richard Stallman
@ 2020-11-23  9:33     ` Robert Pluim
  2020-11-24  5:53       ` Richard Stallman
  0 siblings, 1 reply; 10+ messages in thread
From: Robert Pluim @ 2020-11-23  9:33 UTC (permalink / raw)
  To: Richard Stallman; +Cc: Zhu Zihao, emacs-devel

Richard Stallman <rms@gnu.org> writes:

> I tried a simpler version which simply runs Emacs (and GDB) under
> torsocks.
>
> At first it seemed to work.  It worked for network sockets.
> But then I found operations that failed because they used local sockets.
> It seems that torsocks causes even local sockets to try to go via tor.

Local Unix sockets or network connections to localhost? If the latter,
thereʼs a configuration variable for torsocks to disable torifying
them (see
https://manpages.debian.org/testing/torsocks/torsocks.conf.5.en.html
for details).

Robert
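
The torsocks.conf(5) option that exempts loopback connections from torification is `AllowOutboundLocalhost`; the following added example, which is not from any message in this thread, writes a private configuration that sets it and lists the local TCP listeners that then become reachable without Tor. It is Linux-specific and IPv4-only, and its file paths and function names are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread. Option and variable names are from
# torsocks.conf(5) and torsocks(1); file paths and function names are
# assumptions of this example.
# AllowOutboundLocalhost: 0 = loopback may not bypass Tor (default),
# 1 = TCP connect() to loopback goes direct, 2 = as 1 plus UDP to loopback.

write_torsocks_conf() {          # $1 = file to write, $2 = 0, 1 or 2
    case $2 in
        0|1|2) ;;
        *) echo "AllowOutboundLocalhost must be 0, 1 or 2" >&2; return 1 ;;
    esac
    ( umask 077                  # keep the file private to this user
      printf '%s\n' 'TorAddress 127.0.0.1' 'TorPort 9050' \
                    "AllowOutboundLocalhost $2" > "$1" )
}

# TCP ports with a listener reachable over loopback: each one becomes a
# direct, non-Tor destination once the option is 1. Reads the /proc/net/tcp
# table, where the local address is hex ADDR:PORT and state 0A is LISTEN;
# on a little-endian host 127.x.y.z ends in 7F and the wildcard is 00000000.
loopback_listeners() {           # $1 = table file, default /proc/net/tcp
    awk '$4 == "0A" && $2 ~ /^(......7F|00000000):/ {
             sub(/^.*:/, "", $2); print $2 }' "${1:-/proc/net/tcp}" |
    while read -r hex; do printf '%d\n' "0x$hex"; done | sort -n
}

run_torified() {                 # $1 = conf file, remaining args = command
    conf=$1; shift
    export TORSOCKS_CONF_FILE="$conf"   # overrides the default config path
    exec torsocks "$@"
}

# Usage: sh tor-run.sh emacs [args...]
if [ $# -gt 0 ]; then
    conf=${XDG_CONFIG_HOME:-$HOME/.config}/torsocks-emacs.conf
    echo "loopback listeners that will be reachable directly:" >&2
    loopback_listeners >&2
    write_torsocks_conf "$conf" 1 && run_torified "$conf" "$@"
fi
```

With the value 1, anything listening on loopback that relays traffic outward (a local HTTP proxy, a DNS forwarder) is a path around Tor, so review the listed ports before enabling it.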




* Re: flag to use tor
  2020-11-23  9:33     ` Robert Pluim
@ 2020-11-24  5:53       ` Richard Stallman
  0 siblings, 0 replies; 10+ messages in thread
From: Richard Stallman @ 2020-11-24  5:53 UTC (permalink / raw)
  To: Robert Pluim; +Cc: emacs-devel

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > > I tried a simpler version which simply runs Emacs (and GDB) under
  > > torsocks.
  > >
  > > At first it seemed to work.  It worked for network sockets.
  > > But then I found operations that failed because they used local sockets.
  > > It seems that torsocks causes even local sockets to try to go via tor.

  > local unix sockets or network connections to localhost?

I have no idea.  I ran the 'icecat' program to specify a URL for my
existing IceCat process to display in a new frame.  I suppose that
Firefox has the same feature, but I don't know how it is implemented.
Whatever it does, changing it would not be practical.

I think Emacs needs a facility to do torsocks for all subprocesses
aside from a list of specific exceptions, and for all
open-network-stream connections aside from a list of specific
exceptions.  That will provide some flexibility, which running Emacs
itself under torsocks cannot offer.




-- 
Dr Richard Stallman
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)




